On 21 October 2012 08:26, Michael Tokarev <m...@tls.msk.ru> wrote:
> On 20.10.2012 00:43, Jason Baron wrote:
>> +char *qemu_find_file(int type, const char *name)
>> +{
>> + char *filename;
>> +
>> + /* Try the name as a straight path first */
>> + if (access(name, R_OK) == 0) {
>> + return g_strdup(name);
>> + }
>
> FWIW, this can be a security issue, when a more privileged
> user tries to run qemu from trusted path (/usr/bin) in a
> directory owned by non-privileged user, to utilize -runas
> or somesuch. I understand it's been this way since the
> beginning.
>
> Maybe we can do a bit better here, like (windows systems
> aside) this:
>
> if (strchr(name, '/') && access(name, R_OK) == 0) {...}
We used to do that, but it was removed in commit 3178320
because it's inconsistent with how we handle other file
access (like -kernel). The documentation says -bios takes
a filename, so it should just take a filename, with no
weird undocumented restrictions.
If you want qemu not to read files from the current
working directory by default the right fix for that is
probably to make those defaults be "foo.bin in the bios path",
not unqualified "foo.bin".
-- PMM
